Password Best Practices
Published January 14, 2025
Passwords are often talked about in the news and daily interactions. When is the last time you reviewed best practices and checked to make sure you are doing all that you can do to keep your login credentials secure?
Passwords are a huge part of your everyday life. How many nights have you been up late wondering if you have been hacked, or opened your inbox to find a nasty email demanding bitcoin payment, or an email claiming they know your history and what you do online? Where do you begin to improve your online security and minimize these awful emails and thoughts about having been hacked?
The answer is to start by looking at your Passwords.
Are you using the same password over and over again? Are you using a variation such as SoCal$urf2000, $oCalSurf2020, etc.? That may make it easier to remember your passwords because you create 2-4 variations and try them all until you are able to login somewhere. Reality is that hackers can do the same.
In this tutorial, we'll cover a range of best practices that you can implement to protect your login credentials across all websites that you need to login to.
Do not reuse the same password
Although it is convenient, reusing the same password for more than 1 account login is a bad idea. If that password is compromised you'll be changing that password for every single other account that uses that same password.
With a unique password for each account, in the unfortunate event that one of your passwords is compromised, you would only need to change it one time to remedy the issue.
Many websites, including large and popular websites, fail to adequately secure your password in their systems, and hackers routinely break into them and access hundreds of millions of accounts. If you reuse passwords from site to site, someone who hacks into one site can log in to your account on other sites. At a minimum, make sure that you have unique passwords for all sites that store financial or other sensitive data or ones that could be used to hurt your reputation. This includes your bank accounts, investment accounts and all other websites where you store a payment method on file to pay for goods or services.
Your email account is another area where it is critical to maintain a strong and unique password. If a malicious actor gains access to your email, they can easily reset the passwords of your other accounts and log in to them.
Do not use similar passwords
Similar passwords are really easy to hack as well. Scripts can be written quickly to cover variations of a password in an attempt to 'crack the code' so to speak.
Recommended password length
Ideally, passwords should be 12-16 characters. Shorter passwords are less secure and take less time to compromise. Anything beyond 16 characters is just too much.
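The three rules above (no reuse, no near-duplicate variations, 12-16 characters) can be checked against your own password list before you start changing anything. The following audit script is an added example, not code from Evolve Web Hosting; the sample vault entries are constructed for illustration, and the symbol-substitution map and the 0.8 similarity threshold are assumptions chosen to catch variations like the SoCal$urf2000 / $oCalSurf2020 pair from the introduction.

```python
import re
from difflib import SequenceMatcher

# Constructed sample export of (site, password) pairs; none of these are real credentials.
SAMPLE_VAULT = [
    ("bank.example", "SoCal$urf2000"),
    ("shop.example", "$oCalSurf2020"),
    ("mail.example", "SoCal$urf2000"),
    ("forum.example", "correct-horse-battery"),
    ("news.example", "short1"),
]

# Length range recommended on this page.
MIN_LEN, MAX_LEN = 12, 16

# Assumed map of common symbol-for-letter substitutions; extend as needed.
SUBSTITUTIONS = str.maketrans({"$": "s", "@": "a", "!": "i"})


def normalize(password):
    """Fold case, undo common symbol substitutions and drop digits (years, counters),
    so that trivial variations of one base word compare as equal."""
    return re.sub(r"\d+", "", password.lower().translate(SUBSTITUTIONS))


def similarity(a, b):
    """Ratio in [0, 1]: 1.0 means the normalized forms are identical."""
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()


def audit(vault, threshold=0.8):
    """Return a list of (site, issue, detail) findings for a list of (site, password) pairs.

    issue is one of:
      "length"  - password is outside the MIN_LEN..MAX_LEN range
      "reused"  - exact same password as another entry (detail = that site)
      "similar" - normalized forms are at least `threshold` alike (detail = that site)
    """
    findings = []
    for i, (site, pw) in enumerate(vault):
        if not MIN_LEN <= len(pw) <= MAX_LEN:
            findings.append((site, "length", f"{len(pw)} chars, outside {MIN_LEN}-{MAX_LEN}"))
        # Compare only against later entries so each pair is reported once.
        for other_site, other_pw in vault[i + 1:]:
            if pw == other_pw:
                findings.append((site, "reused", other_site))
            elif similarity(pw, other_pw) >= threshold:
                findings.append((site, "similar", other_site))
    return findings


if __name__ == "__main__":
    for site, issue, detail in audit(SAMPLE_VAULT):
        print(f"{site}: {issue} ({detail})")
```

Run it against an export from your password manager (never against a file you then leave lying around in plain text) and work through the "reused" and "similar" findings first, since those are the entries a single breach would expose together; the "length" findings are the ones to fix when you next rotate those passwords.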
Do Not Email Your Password to Anyone
Email is rarely encrypted (although it should be), which makes it relatively easy for attackers to read. The only time Evolve Web Hosting may ask you for your password is when there is an active Support Ticket and we need it to help resolve your issue. If we ask for it, we also direct you to provide this information in the Custom Fields section of a ticket, which is encrypted and wiped from our system as soon as the ticket is resolved. If you must share a password, use a secure method of transmission such as pwpush.com and set the link to expire after the first view.
Do not save your password within your web browser's built-in password manager
Web browsers often fail to store the passwords securely, so use a password manager instead.
Don’t save passwords or use the “Remember Me” options on a public computer
If you do, the next person to use the computer will be able to access your account. Make sure you log out and close your browser when you are done.
Do not store your passwords in a Word or Excel document or in a notebook
If it’s written down somewhere and someone can find it, it’s not secure. Also, in the unfortunate event that there is a fire, your passwords will be gone in an instant. Store passwords in a password manager instead, so they’ll be encrypted and available to you on all of your devices. The exception to this rule is storing unrecoverable passwords (like the master password for a password manager or your operating system account) securely. One good way to secure them is to keep them in a safe deposit box or locked in a safe.
If you are convinced that it is time to clean up your passwords and make them stronger, you may be asking yourself, how would I even remember them if I had long and unique passwords for all of my logins?
The answer is a Password Manager. Keeping passwords written on pieces of paper or even in a spreadsheet is too cumbersome to be practical.